Developer Workstations Are Now Part of the Software Supply Chain

Blog

Byadmblake May 18, 2026

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud…

Blog

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described as a case of improper handling of length parameter inconsistency, which arises when a program fails to appropriately tackle scenarios where a length field is…

Read More New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory
Blog

Discover Practical AI Tactics for GRC — Join the Free Expert Webinar

Artificial Intelligence (AI) is rapidly transforming Governance, Risk, and Compliance (GRC). It’s no longer a future concept—it’s here, and it’s already reshaping how teams operate. AI’s capabilities are profound: it’s speeding up audits, flagging critical risks faster, and drastically cutting down on time-consuming manual work. This leads to greater efficiency, higher accuracy, and a more

Read More Discover Practical AI Tactics for GRC — Join the Free Expert Webinar
Blog

Cut CISA and Everyone Pays for It

Gutting CISA won’t just lose us a partner. It will lose us momentum. And in this game, that’s when things break.

Read More Cut CISA and Everyone Pays for It
Blog

Shadow Program Gives AWS Exec New Security Lens

Sara Duffer highlights the top lessons she brought back to her security role following three years in Amazon’s shadow program.

Read More Shadow Program Gives AWS Exec New Security Lens
Blog

Chinese Hackers Allegedly Pose as US Lawmaker

Chinese state-backed threat actors are suspected of posing as Michigan congressman John Moolenaar in a series of spearphishing attacks.

Read More Chinese Hackers Allegedly Pose as US Lawmaker
Blog

The Impact of Robotic Process Automation (RPA) on Identity and Access Management

As enterprises refine their strategies for handling Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a powerful tool for streamlining operations and enhancing security. However, since RPA bots have varying levels of access to sensitive information, enterprises must be prepared to mitigate a variety of challenges. In large organizations, bots are starting to outnumber

Read More The Impact of Robotic Process Automation (RPA) on Identity and Access Management

Related